BANK OF AFRICA - KENYA LIMITED (BOA-KENYA) is a commercial bank providing banking services to corporate, SME and retail clientele. The Manager – Information Security is responsible for developing and implementing the Bank’s information security strategy, framework, and policies, ensuring full alignment with the Bank's Enterprise Risk Management Framework and Governance, business goals, and group requirements.
Responsibilities and Accountabilities
- Strategy and Framework: Develop and implement the Bank’s information security strategy and policies, liaising with the Head of Enterprise Risk to ensure alignment with governance and group requirements.
- Control Systems: Drive the implementation of technology control systems and continuously monitor them against business requirements and reported incidents.
- Security Architecture: Design and coordinate reviews of information security architecture to assess data losses and breaches, prioritizing solutions to mitigate threats.
- Risk Assessments: Develop and implement risk assessments and penetration testing schedules to identify and remediate vulnerabilities.
- Incident Response: Lead the monitoring of systems and applications to facilitate effective incident response management and timely recovery.
- Product Development: Review security requirements for new products, services, and IT systems to ensure compliance with security thresholds.
- Change Management: Review and approve infrastructure change requests to ensure they meet risk and compliance standards.
- Business Continuity: Establish and test an information security business continuity plan to minimize the impact of disruptions.
- Security Awareness: Conduct security awareness sessions for employees and customers to foster a strong security culture.
- Compliance: Ensure adherence to ISO 27001, PCI DSS, CBK prudential guidelines, and Data Protection Regulations.
- Audit Collaboration: Collaborate with risk, compliance, and audit teams to ensure timely assessments and implementation of recommendations.
- Vendor Management: Manage security risks associated with third-party IT vendors and partners through risk assessments and SLA monitoring.
- Reporting: Prepare and submit information security risk reports to management and the Board.
Requirements
- Education: Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field from a recognized and accredited institution.
- Experience: At least eight (8) years’ experience in information security, risk management, and governance, with at least three (3) years specifically in compliance assessments, implementing IT controls, and cyber security management.
- Certifications: Professional certification such as CISM, CISA, Certified Ethical Hacker (CEH), or Licensed Penetration Tester (LPT).
- Technical Knowledge: In-depth knowledge of frameworks such as ISO 27001/2, PCI DSS, NIST, and OWASP.
- Tool Proficiency: Knowledge of authentication, Endpoint Security, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), PKI, DLP, and Identity and Access Management (IAM).
- Regulatory Knowledge: Understanding of local and regional regulatory requirements for cyber security and data protection (e.g., CBK guidelines).
- Sector Knowledge: Understanding of banking or financial services operations and practices.
Competencies and Attributes
- Driven by results and business outcomes.
- Strong critical thinking and analytical skills.
- Goal-oriented with strong organizational and self-management abilities.
- Commitment to continuous professional learning and staying updated with industry developments.
How to Apply
Interested and qualified candidates should apply online through the portal by following this link: https://www.myjobmag.co.ke/apply-now/1161849 which redirects to the official Bank of Africa Kenya Limited career application page.